Trojan.Dialer.CP, [HijackThis] pour analyse

Bonjour à tous,

Je sollicite un peu d'aide pour l'analyse du HijackThis mis ci-après, mais avant je vous raconte les évènements ou du moins ce dont je me souviens !

Hier soir, Clean-up n'a pu délété 2 fichier et l'ordi s'est étéint et a rédémarré. Les fichiers étaient pour un des users dans
local setting\temp\~vis000\snt.exe et le 2ème idem avec ~vis001 .
Puis presque en simultané, BitDefender m'a annoncer qu'il avait bloqué Trojan.Dialer.CP et que l'ordi n'était pas infecté.
et j'ai eu une fenêtre de navigateur ouverte appelée Protection Center m'indiquant que mon PC pouvait être vulnérable à Serwab et on me conseillait de télécharger une solution de sécurité (2 proposées).

Ayant déjà bénéficié de votre soutien, j'ai laissé de coté la précédente proposition et j'ai utilisé vos outils :
-a2, spybot, ewido, ad-adware après mise à jour bien sûr!
-seul a2 a détecté 2 fichiers malware et les effacés sur demande : message de suppression = OK
Je pensais avoir fini (et c'était bien vu l'heure, 2h00 du mat!!), et avant de fermer, j'ai refait un Clean-Up et RE : les fichiers étaient toujours là, impossible à délétés (dixit Clean-up). Lorsque l'ordi a voulu redémarré, je l'ai stoppé "brusquement" en forçant l'arrêt.

Ce matin...j'ai redémarré en mode sans échec et relancé les analyses précitées : idem qu'hier soir :
-a2 : détection de 2 fichiers...suppression...OK
J'ai tenté d'annulé la restauration système (mais je sais plus si cela marche en mode sans echec ?!!)
J'ai redémarré, créé un point de restauration et lancé un HijackThis et un Clean-up :
-Les fichiers étaient là, mais délétés cette fois.
J'ai fini par un scan on line BitDefender : OK : aucun virus trouvé.

Ci-joint les fichiers a2, clean-up et Hijack.

Le PC est-il clean ? Merci pour votre aide , Peut-on faire confiance à ce message de "Protection center" : est-ce le centre de protection Windows ?Peut-on téléchargé sans crainte leur programme ?

a2
a-squared Report
Scan Started: 02/07/2006 10:06:54
Scan Finished: 02/07/2006 10:56:02
Scanning Time: 0h 49min 7sec
Scanned Files: 119820
Infected Files: 2

Nom du fichier Diagnostic
C:\Documents and Settings\Cocogirl\Local Settings\Temp\~vis0000\snt.exe Dialer
C:\Documents and Settings\Cocogirl\Local Settings\Temp\~vis0001\snt.exe Dialer

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 11:33:34, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\AnalysePC\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Prevx Home\PXAgent.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Logitech\iTouch\iTouch.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Program Files\Prevx Home\SAGUI.exe
C:\Apps\ActivBoard\OSD.exe
C:\Logitech\iTouch\kbdtray.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\program files\softwin\bitdefender9\bdmcon.exe
C:\Program Files\AnalysePC\HijackThis-analyse\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANALYS~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\program files\softwin\bitdefender9\bdswitch.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\AnalysePC\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Clean-up
CleanUp! started on 07/02/06 11:36:08.
C:\Documents and Settings\LE PASLIER\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LE PASLIER\Local Settings\Temporary Internet Files\Content.IE5\3VN0AT0V\a2_a-squared_v2[1].jpg - deleted
C:\Documents and Settings\LE PASLIER\Local Settings\Temporary Internet Files\Content.IE5\3VN0AT0V\trojaner2[1].gif - deleted
C:\Documents and Settings\LE PASLIER\Local Settings\Temporary Internet Files\Content.IE5\49QVGL2F\emsisoft_com[1].jpg - deleted
C:\Documents and Settings\LE PASLIER\Local Settings\Temporary Internet Files\Content.IE5\49QVGL2F\kachel_v2[1].jpg - deleted
C:\Documents and Settings\LE PASLIER\Local Settings\Temporary Internet Files\Content.IE5\49QVGL2F\navbg_v2[1].gif - deleted
C:\Documents and Settings\LE PASLIER\Local Settings\Temporary Internet Files\Content.IE5\6992K9AS\logo_v2[1].jpg - deleted
C:\Documents and Settings\LE PASLIER\Local Settings\Temporary Internet Files\Content.IE5\O1EF4HUV\navbg[1].gif - deleted
C:\Documents and Settings\LE PASLIER\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
http://www.emsisoft.com/images/kachel_v2.jpg - deleted
http://www.emsisoft.com/images/logo_v2.jpg - deleted
http://www.emsisoft.com/images/emsisoft_com.jpg - deleted
http://www.emsisoft.com/images/navbg_v2.gif - deleted
http://www.emsisoft.com/images/trojaner2.gif - deleted
http://www.emsisoft.com/images/navbg.gif - deleted
http://www.emsisoft.com/images/a2_a-squared_v2.jpg - deleted
C:\Documents and Settings\LE PASLIER\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LE PASLIER\Local Settings\Historique\History.IE5\MSHist012006070220060703\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: LE PASLIER@file:///C:/Program%20Files/AnalysePC/HijackThis-analyse/hijackthis-020706-1002.txt - deleted
Visited: LE PASLIER@file:///C:/Program%20Files/AnalysePC/CleanUp/reports/CleanUp-280306-1813.doc - deleted
Visited: LE PASLIER@file:///C:/Program%20Files/AnalysePC/a-squared/reports/report_060702_1006.html - deleted
Visited: LE PASLIER@file:///C:/Program%20Files/AnalysePC/HijackThis-analyse/hijackthis-020706-1134.txt - deleted
C:\Documents and Settings\LE PASLIER\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LE PASLIER\Application Data\Mozilla\Firefox\Profiles\2iilw4tm.default\cookies.txt.old - deleted
C:\Documents and Settings\LE PASLIER\Recent\CleanUp-280306-1813.lnk - deleted
C:\Documents and Settings\LE PASLIER\Recent\hijackthis-020706-1002.lnk - deleted
C:\Documents and Settings\LE PASLIER\Recent\hijackthis-020706-1134.lnk - deleted
C:\Documents and Settings\LE PASLIER\Recent\HijackThis-analyse.lnk - deleted
C:\Documents and Settings\LE PASLIER\Recent\reports.lnk - deleted
C:\Documents and Settings\LE PASLIER\Recent\report_060702_1006.lnk - deleted
C:\DOCUME~1\LEPASL~1\LOCALS~1\Temp\WGANotify.settings - deleted
C:\WINDOWS\temp\tmp00000574\ - deleted
C:\WINDOWS\temp\tmp0000654a\tmp00000000 currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LE PASLIER\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LE PASLIER\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LE PASLIER\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LE PASLIER\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Cocogirl\Local Settings\Temp\~vis0000\ - deleted
C:\Documents and Settings\Cocogirl\Local Settings\Temp\~vis0001\ - deleted
C:\WINDOWS\Prefetch\A2SCAN.EXE-05E5CF89.pf - deleted
C:\WINDOWS\Prefetch\A2START.EXE-2EEF60AF.pf - deleted
C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf - deleted
C:\WINDOWS\Prefetch\BDMCON.EXE-2FFC0AD1.pf - deleted
C:\WINDOWS\Prefetch\BDNAGENT.EXE-34DBB970.pf - deleted
C:\WINDOWS\Prefetch\BDNEWS.EXE-0BFB14D9.pf - deleted
C:\WINDOWS\Prefetch\BDSS.EXE-00372D30.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-0C2275DA.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-12E646B5.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted
C:\WINDOWS\Prefetch\IPODSERVICE.EXE-3192DE38.pf - deleted
C:\WINDOWS\Prefetch\LIVESRV.EXE-38775F32.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\OPERA.EXE-12085680.pf - deleted
C:\WINDOWS\Prefetch\PXL1.EXE-1B570A76.pf - deleted
C:\WINDOWS\Prefetch\RSTRUI.EXE-03C49A96.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf - deleted
C:\WINDOWS\Prefetch\SAGUI.EXE-0C6221B8.pf - deleted
C:\WINDOWS\Prefetch\SPUPDSVC.EXE-21B36524.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-265B2F9E.pf - deleted
C:\WINDOWS\Prefetch\UPGREPL.EXE-3220E7B2.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\VSSERV.EXE-3004757F.pf - deleted
C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\Documents and Settings\LE PASLIER\Application Data\Opera\Opera\profile\opera6.adr.bak - deleted
C:\Documents and Settings\LE PASLIER\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LE PASLIER\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LE PASLIER\Local Settings\Historique\History.IE5\MSHist012006070220060703\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LE PASLIER\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk - deleted
C:\WINDOWS\system32\CatRoot2\edb.chk - deleted
'Run MRU' list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.0 recovered 1.4 MB of disk space from 56 files.
CleanUp! finished on 07/02/06 11:37:31.